Return to errata.html CVS log | Up to [local] / www |
version 1.485, 2004/05/04 15:44:39 | version 1.486, 2004/05/05 07:35:15 | ||
---|---|---|---|
|
|
||
<a name="all"></a> | <a name="all"></a> | ||
<h3><font color="#e00000">All architectures</font></h3> | <h3><font color="#e00000">All architectures</font></h3> | ||
<ul> | <ul> | ||
<li>No problems identified yet. | <li><a name="cvs"></a> | ||
<font color="#009000"><strong>002: SECURITY FIX: May 5, | |||
2004</strong></font><br> | |||
Pathname validation problems have been found in | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&apropos=0&sektion=1&manpath=OpenBSD+Current&arch=i386&format=html">cvs(1)</a>, | |||
allowing malicious clients to create files outside the repository, allowing | |||
malicious servers to overwrite files outside the local CVS tree on | |||
the client and allowing clients to check out files outside the CVS | |||
repository. | |||
<br> | |||
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch"> | |||
A source code patch exists which remedies this problem</a>.<br> | |||
<p> | |||
</ul> | </ul> | ||
<p> | <p> | ||
<a name="i386"></a> | <a name="i386"></a> |